Apple Patches Bug That Allowed In-App Purchase Hack

July 23, 2012

By Developer.com Staff

Apple says that it now has a way for developers to prevent the hack that allowed users to make in-app purchases for free. In an unusual move, the company is giving mobile developers access to two private APIs that will allow them to fix the problem. Once developers apply the fix and users update their apps, it will wipe out fraudulent in-app purchases and prevent them from occurring again. According to Apple, iOS 6 will make the fix permanent.

Alexey Borodin, the hacker who created the in-app purchase workaround, acknowledged on his blog that the fix works. "[The] game is over," he wrote. "Currently we have no way to bypass updated APIs." Users applied Borodin's method to make an estimated 8.4 million fraudulent in-app purchases from at least 115 apps.